There has been much discussion in the various Dojo fora of late regarding the need (and hassle) of requiring that all contributors send in signed Contributor License Agreements. These agreements state that:
- Those contributing to Dojo Foundation projects actually own what they contribute and therefore have the right to license it to someone else
- All of the rights needed to preserve the freedom of the code over the long haul have been contributed
Aside from some legal jargon, that's all that's in the agreement. So why have it? Why create the barrier to entry for newcomers who just want to pitch in? I have great sympathy for the impatient potential contributor huffing "why do I need to sign this, anyway?", so this blog post is an effort to boil it down. The reasons start with meritocracy.
Open Source projects often pride themselves on creating a more level playing field; when it works right those whose contributions are good are recognized while those whose contributions are bad are left with bit-rotting patches and hopefully some friendly direction on how to improve. In this way, it's the essential function of OSS projects to separate good contributions from bad. Oddly, the CLA process is a simple quality filtering function for weeding out the unserious, or simply another way to weed out potentially good contributions from bad.
CLAs are an annoyance to be sure, but consider what they attest to. I've heard the argument from time to time that "CLA's violate the spirit of Open Source" by limiting who can contribute, but that is indeed the point! Mature projects like Dojo don't accept patches without documentation, unit tests, and good code style...why should clean IP be any different? Indeed, CLAs allow us to be open yet rigorous at the same time. The CLAs process stands in stark contrast to many "open source"-in-name-only products which are produced by single companies or individuals but which don't provide any way to materially contribute back or become part of the project directly. The CLA process is both a sign that the project is open enough to allow you to "get your itches scratched" if you really want to contribute but also mature enough to manage the risks that come along with allowing everyone to potentially participate.
More to the point, do you really want to be taking code from a group of people who won't put in writing what everyone assumes about their contributions? And how seriously should you take an organization that hasn't thought hard enough about their own product to ensure that they actually have all the rights to the work they distribute? Remember, there's no requirement that anything be Open Source or that OSS products be developed as open projects, but the CLA process is in many ways a seal of quality: projects which require it are built to last (at least on an IP basis) and are also open enough to ensure that their community can grow.
One of the best aspects of the CLA process is that it gets people who are contributing to think about what it means to contribute. The CLA process means that they've printed out, signed, and hopefully read and understood that they are doing something serious and that they are joining a community of people who likewise take their work seriously. I really only want to work with people who are committed enough to making Dojo better that they'll take the time to think about how their work is licensed. Far from being just a task you need to do before you can contribute, the CLA process ensures that the people building Dojo are intellectually tall enough to ride.
Tall enough? Join us!